Digital.ai Release 22.1.1

Digital.ai Release 22.1.1 includes the following new features:

• Retention policy for archived releases
• New folder permission: Perform task transition in advance
• Export Dashboards as PDF
• Simplified license renewal in Release clusters
• Validations in GitOps-enabled folder version control
• HTTP security enhancements
• OIDC Private Key authentication support
• Support for Microsoft Edge based on Chromium
• Version upgrades—supported databases
• Abort Long-running Tasks
• Scripts to upgrade, back up, and restore H2 database
• Kubernetes Operator-based installer enhancements
• Plugin Manager enhancements
• Plugins and integrations

And more bug fixes and enhancements.

Support Policy

See Digital.ai Support Policy.

Upgrade Instructions

The Digital.ai Release upgrade process you use depends on the version from which you are upgrading, and the version to which you want to go.

For detailed instructions based on your upgrade scenario, refer to Upgrade Release.

New H2 Database Version

Important: H2 database for Release is used only for testing and demo purposes. It is not one of the supported databases for production environments.

With Release 22.1 the H2 database has been updated to version 2.1.210 in order to mitigate CVE security issues related to the old 1.4.x version.

In case you are using the embedded H2 database in one of your development environments, you must migrate your data from H2 1.4.x (or earlier) to H2 2.1.x (or later) to bridge the incompatibility between the two versions (such as differences in file format in default MVStore storage engine).

Release 22.1 brings you scripts for both backing up and restoring the H2 database. You can use these upgrade scripts to backup and restore your H2 1.4.x (or earlier) to H2 2.1.x (or later). For more information, see xebialabs-community/xlr-backup-restore-script.

Known Issues

• D-20779 - Unable to use Release 22.1.1 with trial and temporary licenses with the embedded H2 database. As a workaround please use a full license or a production supported database.The issue will be fixed in the next maintenance version of Release.

New Features

Here's what's new with Digital.ai Release 22.1.1.

Retention Policy for Archived Releases

You can now purge archived releases (from the archive database) that are being held after the expiration of the configured retention period. This allows for automatic cleanup of releases that are not required per your company's audit or governance policy.

The purge process is disabled by default and needs to be activated by the Administrator on the System settings -> General screen.

Before the releases are removed from the database, their content will automatically be exported to the file system location configured in the System settings. The exported releases will be organized in subdirectories by their end date so each zip will be in the purged/<year>/<month>/<day>/<release-id>.zip format.

Here's an example for the contents of a purged release zip file:

Exempt Releases from Being Archived

• A new configuration option, Allow releases to skip archiving, has been added (System settings -> General) to exempt selected releases from being archived.
• When this option is enabled, the Allow releases to skip archiving check box shows up on the template and release Properties sub-pages.
• By marking a release to skip archive, the completed/aborted release is deleted instead of being moved to the archive database.
• This is useful for transient releases, which has no business value and are to be excluded from reporting and statistics.

New folder permission: Perform task transition in advance

• Task permission model has been extended with a new Release Tasks -> Perform task transitions in advance permission.
• Teams with the Perform task transitions in advance permission are allowed to Complete or Skip a task in advance.
• By default, this new permission is assigned to all the teams that are assigned with the Perform task transitions permission.

Note: There is a change in behavior for release owners with regards to performing tasks transitions. From Release 22.1.1, release owners will not have an implicit permission to complete or skip tasks. They will require an explicit task transition permission or be assigned to the task.

Export Dashboards as PDF

Custom dashboards on global and folder level have now been enhanced with an Export to PDF option for sharing dashboards with ease.

Simplified license renewal in Release clusters

With Digital.ai Release 22.1.1 license installation on one of the Release nodes in a cluster will automatically propagate to other nodes in the cluster, thus removing the need to renew the license on each node individually.

Warning: In case when cluster nodes already have licenses on disk, the license of the node last joining the cluster will be the one applied to all. To ensure the right license is applied, please update the license using the UI when all nodes are running or make sure all outdated licenses are previously removed from the filesystem.

For more information, see Licensing the Release Product.

Validations in GitOps-enabled Folder Version Control

• Enhanced the validation flow in folder Version Control with listing of external dependencies defined outside the folder.
• When creating a new version, all external dependencies will be listed for informative purposes.
• When applying a version, unresolved external dependencies are listed with deep-links for quick reparation.

HTTP Security Enhancements

• For better security, Digital.ai Release 22.1 and later support the sameSite attribute of the Set-Cookie HTTP response header allowing session cookies to be restricted to a first-party or same-site context.
• Valid values for the new xl.server.http.cookie.sameSite configuration parameter are Lax and Strict.
• For sites that use OIDC, the sameSite parameter must always be set to Lax.
• For remember-me, the sameSite parameter must always be set to Strict.

Example sameSite Cookie Configuration in the xl-release.conf file

Private Key JWT and Client Secret JWT Authentication Methods

• Digital.ai Release—22.1 and later—support client_secret_jwt and private_key_jwt methods to authenticate clients with OIDC-based ID providers such as Keycloak.
• The JWT assertion must be digitally signed using a private key in asymmetric cryptography.
• Digital.ai Release—22.1 and later—support signed JWTs only—it does not extend to encrypted JWTs encoded in a JSON Web Encryption (JWE) structure.

OIDC Private Key JWT Authentication

Digital.ai Release supports client authentication using the private_key_jwt method.

The following JSON Web Algorithms (JWA) are supported:

• RS256 (RSASSA-PKCS1-v1_5 using SHA-256)​​—this is the default if you use the private_key_jwt authentication method
• RS384 (RSASSA-PKCS1-v1_5 using SHA-384)​
• RS512 (RSASSA-PKCS1-v1_5 using SHA-512)​
• ES256 (ECDSA using P-256 and SHA-256)​
• ES384 (ECDSA using P-384 and SHA-384)​
• ES512 (ECDSA using P-521 and SHA-512)​
• PS256 (RSASSA-PSS using SHA-256 and MGF1 with SHA-256)​
• PS384 (RSASSA-PSS using SHA-384 and MGF1 with SHA-384)​
• PS512 (RSASSA-PSS using SHA-512 and MGF1 with SHA-512)​

Here's an example xl-release.conf file that uses the private_key_jwt authentication method.

OIDC Client Secret JWT Authentication

Digital.ai Release supports client authentication using the client_secret_jwt method.

The following JSON Web Algorithms (JWA) are supported:

• HS256 (HMAC using SHA-256)​—this is the default if you use the client_secret_jwt authentication method
• HS384 (HMAC using SHA-384)​
• HS512 (HMAC using SHA-512)

You can configure the desired JWS algorithm using the xl.security.auth.providers.oidc.clientAuthJwt.jwsAlg​ key.

Here's an example xl-release.conf file that uses the client_secret_jwt authentication method.

As an additional improvement to OIDC, support for nested claims for Release roles mapping has been added. The . acts as a path separator and if needed can be escaped with backslash \\..

For more information, see Set Up the OpenID Connect (OIDC) Authentication for Release.

Support for Microsoft Edge Based on Chromium

Release 22.1 has been qualified to work with Microsoft Edge based on Chromium.

Version Upgrades—Supported Databases

Release 22.1 supports the following databases.

Database	Versions Supported
PostgreSQL	12.9, 13.5, and 14.2
MySQL	5.7 and 8.0
Oracle	12c and 19c
Microsoft SQL Server	2017 and 2019
DB2	11.1 and 11.5

Abort Long-running Tasks

You can set up timeout threshold (in seconds) for certain task types and have Digital.ai Release abort such tasks automatically when they run for a long time. This feature is disabled by default. You can enable task execution limits and set up timeouts for the following task types:

• Script Task
• Custom Script Task
• Precondition Task

Here's the list of parameters available to set up the task execution limits. To enable the task execution limits and set up timeouts, add the following parameters to the xl-release.conf file.

Once you enable and configure the task execution limits, long-running tasks—such as Script Tasks, Custom Script Tasks, or Precondition Tasks—are automatically aborted when they cross the defined timeout limit.

Kubernetes Operator-based Installer Enhancements

With Release 22.1.1, the Kubernetes Operator-based installer offers the following enhancements:

• Improvements to the installer to enhance stability
  • Upgrade process improvements
  • Uninstallation process improvements
• Keycloak is the default authentication manager when you log in to the Digital.ai Release interface.

Plugin Manager Enhancements

With Release 22.1.0, you can now set the value of the -plugin-source flag when running the system as a service on Windows or Linux operating system. For more information, see Plugin Synchronization.

Plugins and Integrations

Here's what's new with plugins and integrations.

• Checkmarx Plugin

  Fixed the issue where the Checkmarx enconding was failing for passwords with special characters.

• Continuous Testing Plugin

  Introduced a new task called Create Manual Report Template, which is used for manual testing and displays the results with a link to the Continuous testing report.

  

• GitLab Plugin

  Fixed the issue for the Tag trigger task execution.

• Octopus Plugin

  • New fields, Retry Count and Retry Waiting Time are introduced.

    

  • Fixed the Octopus performance issue that occurs during peak loads.

• VSTS-TFS (Azure Devops) Plugin

  Fixed the issue for the Queue build execution.

• SonarQube Plugin

  Fixed the issue for the KeyError field.

• ServiceNow Plugin

  A new field, External OAuth URL is added to provide External OAuth server support for authentication.

  

Bug Fixes

Bug Fixes and Field Incidents—22.1.1

• ENG-9273 - Fixed an issue with the Remember-me functionality.

• ENG-9017 - Fixed the Groovy script task execution issue where the task is kept in progress due to java.lang.Error.

• ENG-9015 - Fixed the incorrect Digital.ai Release component version in one of the database tables the XL_VERSION table.
  

  Important: If you are upgrading from one of the following Digital.ai Release versions, you must only upgrade to the latest patch release available for the version of Release you are upgrading to. For example, if you are on Digital.ai Release version 10.0.9 and planning to upgrade to the 10.3 version, you should upgrade to 10.3.8 or later versions of the 10.3 release. Here's the list of Release versions that are affected due this bug: Digital.ai Release 9.7.18, 9.7.19, 9.7.20, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.1.6, 10.1.7, 10.1.8, and 10.1.9. The fix for the bug is available on these versions: Digital.ai Release 9.7.21, 10.0.11, 10.1.10, 10.2.10, 10.3.8, 22.0.1, and 22.1.1.

• ENG-8952 - Fixed the missing index on XLR_FOLDER_VARIABLES (FOLDER_CI_UID).

• ENG-8604 - The Apply Changes button will not be displayed to the users who do not have the permission instead of the Forbidden Access message.

• ENG-8302 - Fixed an issue that prevented a release (that was created from a global template) from inheriting folder permissions.

• ENG-6730 - Fixed an issue with the GitConnectionSettings for ThreadLocal security and memory leak.

• ENG-9080 - Fixed an issue where the cluster data was not properly persisted in the database.

• FI-947 - Fixed an issue related to RiskService that was occurring during login after the upgrade.

• FI-946 - Fixed JavaScript Exception: KeyError: Set-Cookie when Crowd and Strict Crumb plugins are used in Jenkins.

• D-20457 - Fixed the missing sidebar issue when creating a delivery.

• D-20387 - Unable to select a "time" when creating a new reservation (Environments > New reservation).

• D-20363 - Release calendar—Fixed the broken filter-based-on-status feature.

• D-20168 - Fixed the incorrect Settings page title.

• D-20230 - Fixed a form validation issue with the Edit Environment page.

• D-20171 - Fixed an issue (duplicate data issue when the page was refreshed) with the Audit Report page.

• D-20588 - Fixed an issue with the notification e-mail, which was not getting triggered when your e-mail address is inputted using the Assigned To field via release_variable task. Note that, only Username must be used to assign tasks.

Bug Fixes and Field Incidents—22.1.2

• ENG-9087 - Fixed an issue with install-service.sh and install-service.bat by updating them to include the plugin-source=database flag.
• D-20575 - Fixed an RBAC issue with external users that prevented users assigned to an LDAP user group from being able to assign tasks to themselves.
• FI-1018 - Fixed an issue with the Create Release task where the changes to the variable properties (label, description, required Flag) of the release template were not reflecting correctly.
• ENG-9404 - Fixed an issue with the Null Pointer Exception (NPE) that was displaying when selecting a release.
• ENG-9397 - Fixed an issue where we were unable to apply YAML with the value provider in CRT variables.
• ENG-9180 - Fixed an issue with the task-transition permission by removing it from Release Owners. Earlier this permission was available by default. Now it has to be configured.

Bug Fixes and Field Incidents—22.1.3

• D-20863 - Fixed the issue with the loading spinner icon, which was not getting displayed. This loading spinner icon indicates whether the Digital.ai Release is searching for releases and if there is any data being processed in the background.
• D-20898 - Fixed a usability issue with the Tab key, which occurs during runtime when the release has a user-input task. When you press the Tab key it should move to the next variable, and it has been fixed now.
• D-20318 - Fixed the issue for the CVEs that were detected in the latest Release Docker distribution.
• D-20645 - Fixed the issue where multiple API calls were made to access the variables in the user-input task.
• D-20706 - Fixed the issue where importing java classes in jython script tasks was not possible.
• D-20761 - Fixed the issue with the script task, which was unable to instantiate a condition subclass.

Bug Fixes and Field Incidents—22.1.4

• D-21088 - Issue with the "Watchers" user drop-down list in Task modal—the search text entered to search for a user was also added as a watcher when you select a user using the mouse, which is now fixed.
• D-21131 - Fixed an issue with the Attributes Rail—on clicking the Delete icon (not the button itself, but trash icon), the Edit Attributes modal opens up.
• D-21231 - Fixed—missing colors on the trigger activity logs.
• D-21430 - Fixed an issue (with values selected for mandatory list boxes) that prevented user input tasks from being completed.

Bug Fixes and Field Incidents—22.1.5

• D-20582 - Fixed the issue that prevented multiline text from being displayed in the Output properties of a task.
• D-21101 - Script tasks, if immediately preceded by a Gate task, fail to read the comments added to the Script task at runtime. This is now fixed.
• D-21120 - Fixed an issue with the Webhook:Json webhook task that generates wrong authorization token.
• D-21278 - A new template created at the global level (outside the folder) does not display its template name when opened in a new tab. This issue is now fixed.
• D-21470 - When you import an already exported template from one instance to another, it breaks the folder. It is because the passwords are encrypted with different encryption key. The issue is now fixed.
• D-21576 - Fixed an issue that allowed users to generate personal access tokens that are made of nothing but two or more spaces.
• D-21612 - Ignored a few URLs that cause log troubles.
• D-21812 - When a template is imported using the XL CLI, the Script task prevents the variables in it from automatically being updated on the variable screen. This issue is now fixed.
• D-21836 - Fixed the Dashboard details page to fit all screen sizes.
• D-21400 - When a valid Okta user, who is not assigned to the Digital.ai Release application in Okta, tries to login, an indefinite redirect loop occurs. This issue is now fixed.
• D-21573 - You cannot export an excel report from a release that is completed and archived. This issue is now fixed.
• D-21886 - After upgrading to 22.0.1, the dependencies that existed in Gate tasks before the upgrade are not available. These Gate tasks display the status as Not Found when their status is In Progress. This issue is now fixed.